15,000 USDC
Submission Details
Severity: high
Valid

Hardcoded Minimal_Health_Factor Bug in DSCEngine.sol Contract

Summary

The hardcoded Minimal_Health_Factor bug in the DSCEngine.sol contract can cause users to be liquidated even if they have sufficient collateral. This is because the contract hardcodes the Minimal_Health_Factor to 1e18, which is a very high value. This means that even if a user has 200% collateral, they can still be liquidated if the tokens used are USDC or DAI.

Vulnerability Details

The contract expects collateral to have 18 decimals, but the Discord channel says that it can interact with any Chainlink tokens, some of which have 6 decimals, like USDT, or 2 decimals, like DAI.
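The decimals mismatch described above, worked through as an added example (this is not code from DSCEngine.sol or from the submission). It is a simplified integer model; the valuation formula, the 8-decimal price feed, the 50/100 liquidation threshold and all function names are assumptions made for illustration, and only the 1e18 minimum comes from the finding.

```python
# Added illustration: simplified integer model of an 18-decimal health check.
# Constants and formulas are assumptions, not copied from DSCEngine.sol.
PRECISION = 10**18
ADDITIONAL_FEED_PRECISION = 10**10   # assumed: lifts an 8-decimal USD feed to 18
LIQUIDATION_THRESHOLD = 50           # assumed: 200% collateral required
LIQUIDATION_PRECISION = 100
MIN_HEALTH_FACTOR = 10**18           # the hardcoded 1e18 minimum from the finding


def usd_value_naive(amount_raw: int, feed_price: int) -> int:
    """USD value (18 decimals), treating amount_raw as an 18-decimal amount."""
    return feed_price * ADDITIONAL_FEED_PRECISION * amount_raw // PRECISION


def usd_value_normalized(amount_raw: int, feed_price: int, token_decimals: int) -> int:
    """Same valuation after scaling the raw amount to 18 decimals."""
    if not 0 <= token_decimals <= 18:
        raise ValueError("this model only handles tokens with 0..18 decimals")
    return usd_value_naive(amount_raw * 10 ** (18 - token_decimals), feed_price)


def health_factor(collateral_usd: int, debt: int) -> int:
    """Threshold-adjusted collateral over debt, scaled by 1e18."""
    if debt == 0:
        return 2**256 - 1  # no debt: cannot be liquidated
    adjusted = collateral_usd * LIQUIDATION_THRESHOLD // LIQUIDATION_PRECISION
    return adjusted * PRECISION // debt


def is_liquidatable(hf: int) -> bool:
    return hf < MIN_HEALTH_FACTOR


# Constructed position: 2,000 units of a 6-decimal token at $1.00 backing
# 1,000 stablecoin units (18 decimals), i.e. 200% collateral.
RAW_AMOUNT = 2_000 * 10**6
FEED_PRICE = 1 * 10**8
DEBT = 1_000 * 10**18

HF_NAIVE = health_factor(usd_value_naive(RAW_AMOUNT, FEED_PRICE), DEBT)
HF_FIXED = health_factor(usd_value_normalized(RAW_AMOUNT, FEED_PRICE, 6), DEBT)

if __name__ == "__main__":
    print("naive     :", HF_NAIVE, "liquidatable =", is_liquidatable(HF_NAIVE))
    print("normalized:", HF_FIXED, "liquidatable =", is_liquidatable(HF_FIXED))
```

In this model the same 200% position is undervalued by a factor of 1e12 when the 6-decimal amount is read as 18-decimal, so it fails the 1e18 check; scaling the amount by the token's decimals before valuation brings it back to exactly the minimum.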

Impact

The hardcoded Minimal_Health_Factor bug can have a significant impact on users of the DSCEngine.sol contract. The user can be immediately liquidated even if they have 200% collateral. This can be a significant financial loss, especially if the user has invested a large amount of money into the contract. Additionally, the liquidation process can be slow and expensive, which can further add to the user's losses.

Tools Used

Manual Review

Recommendations

Use a more sophisticated liquidation mechanism. The current liquidation mechanism is very simplistic and does not take into account the use of collateral other than WETH/WBTC. A more sophisticated liquidation mechanism would take into account the user's collateral and would only liquidate the user if they were truly insolvent.
